Introduction to Metatron Anomaly

The Anomaly Expansion Pack is a tool that detects abnormal data flow and immediately alerts users. For this detection, it uses prediction models built with machine learning.

Basic principles

As shown below, Anomaly predicts an aggregate of the target data source in real time and monitors the actual value.

aggregation monitoring

Here, the value marked as Predict is the data aggregate predicted through machine learning, and the value marked as Actual is the actual monitored value. As shown below, the total abnormal score increases with the difference between the two values. That is, the data aggregate is considered as deviating from the normal range if the actual value is significantly different from the predicted value.

total abnormal score

In this example, it is set to generate a low-level alarm when the abnormal score reaches 20 points, a moderate alarm if it exceeds 40 points, a major alarm if it exceeds 60 points, and a critical-level alarm if it exceeds 80 points. According to the training data, it can be predicted that a critical-class alarm was generated on April 6th at 3pm.

The alarms are reported through various channels to the user, so that immediate action can be taken in response to anomalies.
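
The scoring and alarm levels described above, as an added Python example that is not part of the Metatron documentation or product code. The thresholds come from the example on this page; the scoring formula (relative deviation as a percentage, capped at 100), the function names and the sample series are assumptions made for illustration.

```python
def abnormal_score(predicted: float, actual: float) -> float:
    """ASSUMED scoring: relative deviation from the prediction, in percent,
    capped at 100. The page only says the score grows with the difference."""
    if predicted == 0:
        return 0.0 if actual == 0 else 100.0
    return min(100.0, abs(actual - predicted) * 100.0 / abs(predicted))


def alarm_level(score: float) -> str:
    """Map a score to the levels in the page's example.
    'Reaches 20' is inclusive; the other three are 'exceeds' (strictly greater)."""
    if score > 80:
        return "critical"
    if score > 60:
        return "major"
    if score > 40:
        return "moderate"
    if score >= 20:
        return "low"
    return "none"


def detect(series):
    """Return (timestamp, level, score) each time the level changes to an
    alarm level, so a sustained anomaly raises one alert per level rather
    than one per sample."""
    alerts, previous = [], "none"
    for timestamp, predicted, actual in series:
        score = abnormal_score(predicted, actual)
        level = alarm_level(score)
        if level != "none" and level != previous:
            alerts.append((timestamp, level, score))
        previous = level
    return alerts


# Constructed sample data: (timestamp, predicted aggregate, actual aggregate).
SAMPLE = [
    ("13:00", 1000, 1050),  # score 5: inside the normal range
    ("14:00", 1000, 1200),  # score 20: reaches 20, low alarm
    ("14:30", 1000, 1400),  # score 40: does not exceed 40, still low
    ("15:00", 1000, 1900),  # score 90: exceeds 80, critical alarm
    ("15:30", 1000, 1850),  # score 85: still critical, no repeat alert
    ("16:00", 1000, 1010),  # score 1: back to normal
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```
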

Key functions

The key functions of Anomaly are as follows:

  • User convenience enhanced with automatic recommendation of a prediction model based on machine learning

  • Immediate alarm triggering and report generation in case of anomaly

  • Support for a real-time dashboard and a real-time search function to analyze the data source

  • Support for 3rd-party system linkage to apply new algorithm models

Structure

Anomaly’s menu is divided into two categories: Anomaly Detection and Data Management.

metatron anomaly structure

Under the Anomaly Detection menu, the features cover overall anomaly detection statistics, alarm information, alarm rule settings, and the addition of new algorithms.

Under the Data Monitoring menu, the features provide a real-time dashboard and a search function that allows you to query the data source.

Users can easily navigate across menus, use references to detailed items, and gain organic understanding of alarms including their rule settings, past occurrences, and overall statistics.